Vulnerability in SQL Server Could Allow Remote Code Execution

If you’re on the latest service packs for supported versions of SQL Server (SQL 2005 SP3 or SQL Server 2008), then this does not affect you. Seeing as how SP3 for 2005 was just officially released last week, I’m sure it’s not applied in all environments yet. If you’re on SQL 2000, well… all the more reason to push that upgrade project through 🙂

SQL Advisory
What causes this threat?
An authenticated remote code execution vulnerability exists in the MSSQL extended stored procedure, “sp_replwritetovarbin,” due to an invalid parameter check.

What is the sp_replwritetovarbin extended stored procedure used for?
The sp_replwritetovarbin extended stored procedure is used by transactional replication with updatable subscribers and only when the subscription is created with @update_mode = ‘failover’ or ‘queued tran’.

What systems are primarily at risk from the vulnerability?
Clients and applications that utilize MSDE 2000 or SQL Server 2005 Express are at risk of remote attack if they have modified the default installation to accept remote connections, if they allow untrusted users access to MSDE 2000 or SQL Server 2005 Express, or if an application that uses MSDE 2000 or SQL Server 2005 Express has a SQL Injection vulnerability.

All systems running one of the affected Microsoft SQL Server software where a malicious user is allowed to log on are at risk of exploitation of this vulnerability. In addition, Web applications with a SQL Server back-end database are at risk if a SQL Injection vulnerability exists. For more information on SQL Injection, see Microsoft Security Advisory (954462).

Affected Software
Microsoft SQL Server 2000 Service Pack 4
Microsoft SQL Server 2000 Itanium-based Edition Service Pack 4
Microsoft SQL Server 2005 Service Pack 2
Microsoft SQL Server 2005 x64 Edition Service Pack 2
Microsoft SQL Server 2005 with SP2 for Itanium-based Systems
Microsoft SQL Server 2005 Express Edition Service Pack 2
Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 2
Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Service Pack 4
Microsoft SQL Server 2000 Desktop Engine (WMSDE)
Windows Internal Database (WYukon) Service Pack 2

Non-Affected Software
Microsoft SQL Server 7.0 Service Pack 4
Microsoft SQL Server 2005 Service Pack 3
Microsoft SQL Server 2005 x64 Edition Service Pack 3
Microsoft SQL Server 2005 with SP3 for Itanium-based Systems
Microsoft SQL Server 2008
Microsoft SQL Server 2008 x64 Edition
Microsoft SQL Server 2008 for Itanium-based Systems
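
To triage a single instance against the Affected and Non-Affected lists above, the following T-SQL is an added example (it is not part of the advisory or of the original post). It assumes a login that can read catalog metadata in master; the column aliases and status strings are made up for illustration, and the permission listing only runs on SQL Server 2005 or later.

```sql
-- Added example (not from the advisory): classify the connected instance
-- against the Affected / Non-Affected lists on this page.
DECLARE @ver nvarchar(128), @level nvarchar(128),
        @edition nvarchar(128), @major int;

-- DECLARE and SET are kept separate so the batch also parses on SQL Server 2000/2005.
SET @ver     = CAST(SERVERPROPERTY('ProductVersion') AS nvarchar(128)); -- e.g. 9.00.xxxx.xx
SET @level   = CAST(SERVERPROPERTY('ProductLevel')   AS nvarchar(128)); -- RTM, SP1, SP2, ...
SET @edition = CAST(SERVERPROPERTY('Edition')        AS nvarchar(128));
SET @major   = CAST(LEFT(@ver, CHARINDEX('.', @ver) - 1) AS int);       -- 8 = 2000, 9 = 2005, 10 = 2008

SELECT @ver AS product_version, @level AS product_level, @edition AS edition,
       CASE
           WHEN @major = 8  AND @level = 'SP4' THEN 'AFFECTED: SQL Server 2000 / MSDE 2000 SP4'
           WHEN @major = 9  AND @level = 'SP2' THEN 'AFFECTED: SQL Server 2005 SP2 (incl. Express, Windows Internal Database)'
           WHEN @major = 9  AND @level = 'SP3' THEN 'NOT AFFECTED: SQL Server 2005 SP3'
           WHEN @major = 10                    THEN 'NOT AFFECTED: SQL Server 2008'
           -- Anything else (older service packs, WMSDE builds below SP4, later
           -- versions) is not covered by the lists on this page.
           ELSE 'NOT LISTED on this page: check the vendor advisory for this build'
       END AS advisory_status;

-- The flaw requires an authenticated caller, so list which principals hold
-- EXECUTE on the procedure. Dynamic SQL keeps the catalog views (2005 and
-- later only) out of the batch when it is run on SQL Server 2000.
IF @major >= 9
    EXEC (N'SELECT pr.name AS grantee, pe.state_desc, pe.permission_name
            FROM master.sys.database_permissions AS pe
            JOIN master.sys.database_principals AS pr
              ON pr.principal_id = pe.grantee_principal_id
            JOIN master.sys.all_objects AS o
              ON o.object_id = pe.major_id
            WHERE pe.class = 1
              AND o.name = N''sp_replwritetovarbin''');
```

A row showing `GRANT` to `public` on an instance reported as affected means every login that can reach the server can call the procedure.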
